From 33efbeda8a5fb563ed6824e20442ad1867d17ac9 Mon Sep 17 00:00:00 2001 From: Colin Date: Thu, 1 Aug 2024 17:43:58 +0000 Subject: [PATCH] link manpages into all `linkIntoOwnPackage` users --- hosts/common/programs/ausyscall.nix | 2 +- hosts/common/programs/bitcoin-cli.nix | 2 +- hosts/common/programs/errno.nix | 2 +- hosts/common/programs/free.nix | 2 +- hosts/common/programs/gdbus.nix | 2 +- hosts/common/programs/gst-device-monitor.nix | 7 +++---- hosts/common/programs/mimetype.nix | 2 +- hosts/common/programs/objdump.nix | 2 +- hosts/common/programs/pactl.nix | 2 +- hosts/common/programs/pidof.nix | 2 +- hosts/common/programs/pkill.nix | 2 +- hosts/common/programs/ps.nix | 2 +- hosts/common/programs/strings.nix | 2 +- hosts/common/programs/where-am-i.nix | 2 +- hosts/common/programs/zfs-tools.nix | 22 ++++++++++---------- modules/services/clightning.nix | 2 +- pkgs/additional/trivial-builders/default.nix | 14 +++++++++++++ pkgs/default.nix | 1 + 18 files changed, 43 insertions(+), 29 deletions(-) diff --git a/hosts/common/programs/ausyscall.nix b/hosts/common/programs/ausyscall.nix index 5780ebf79..8cca76f5d 100644 --- a/hosts/common/programs/ausyscall.nix +++ b/hosts/common/programs/ausyscall.nix @@ -2,7 +2,7 @@ { pkgs, ... }: { sane.programs.ausyscall = { - packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.audit "bin/ausyscall"; + packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.audit "ausyscall"; sandbox.method = "landlock"; }; diff --git a/hosts/common/programs/bitcoin-cli.nix b/hosts/common/programs/bitcoin-cli.nix index 4c02a92b7..69c67f726 100644 --- a/hosts/common/programs/bitcoin-cli.nix +++ b/hosts/common/programs/bitcoin-cli.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { sane.programs.bitcoin-cli = { - packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.bitcoind "bin/bitcoin-cli"; + packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.bitcoind "bitcoin-cli"; sandbox.method = "bwrap"; sandbox.autodetectCliPaths = "existing"; #< for `bitcoin-cli -datadir=/var/lib/...` sandbox.extraHomePaths = [ diff --git a/hosts/common/programs/errno.nix b/hosts/common/programs/errno.nix index e518e47a6..b1dd60568 100644 --- a/hosts/common/programs/errno.nix +++ b/hosts/common/programs/errno.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { sane.programs.errno = { - # packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.moreutils "bin/errno"; + # packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.moreutils "errno"; # actually, don't build all of moreutils because not all of it builds for cross targets. packageUnwrapped = pkgs.moreutils.overrideAttrs (base: { makeFlags = (base.makeFlags or []) ++ [ diff --git a/hosts/common/programs/free.nix b/hosts/common/programs/free.nix index e7efac68c..5d16aa753 100644 --- a/hosts/common/programs/free.nix +++ b/hosts/common/programs/free.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { sane.programs.free = { - packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.procps "bin/free"; + packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.procps "free"; sandbox.method = "bwrap"; sandbox.isolatePids = false; }; diff --git a/hosts/common/programs/gdbus.nix b/hosts/common/programs/gdbus.nix index 5b6567a96..2876bf104 100644 --- a/hosts/common/programs/gdbus.nix +++ b/hosts/common/programs/gdbus.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { sane.programs.gdbus = { - packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.glib "bin/gdbus"; + packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.glib "gdbus"; sandbox.method = "bwrap"; sandbox.whitelistDbus = [ "user" ]; #< XXX: maybe future users will also want system access diff --git a/hosts/common/programs/gst-device-monitor.nix b/hosts/common/programs/gst-device-monitor.nix index b2c754efc..303db7fe4 100644 --- a/hosts/common/programs/gst-device-monitor.nix +++ b/hosts/common/programs/gst-device-monitor.nix @@ -5,10 +5,9 @@ { pkgs, ... }: { sane.programs.gst-device-monitor = { - packageUnwrapped = (pkgs.linkIntoOwnPackage pkgs.gst_all_1.gst-plugins-base [ - "bin/gst-device-monitor-1.0" - "share/man/man1/gst-device-monitor-1.0.1.gz" - ]).overrideAttrs (base: { + packageUnwrapped = ( + pkgs.linkBinIntoOwnPackage pkgs.gst_all_1.gst-plugins-base "gst-device-monitor-1.0" + ).overrideAttrs (base: { # XXX the binaries need `GST_PLUGIN_SYSTEM_PATH_1_0` set to function, # but nixpkgs doesn't set those (TODO: upstream this!) nativeBuildInputs = (base.nativeBuildInputs or []) ++ [ diff --git a/hosts/common/programs/mimetype.nix b/hosts/common/programs/mimetype.nix index d38ef67a9..9857502a8 100644 --- a/hosts/common/programs/mimetype.nix +++ b/hosts/common/programs/mimetype.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { sane.programs.mimetype = { - packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.perlPackages.FileMimeInfo "bin/mimetype"; + packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.perlPackages.FileMimeInfo "mimetype"; sandbox.method = "bwrap"; sandbox.autodetectCliPaths = "existing"; }; diff --git a/hosts/common/programs/objdump.nix b/hosts/common/programs/objdump.nix index 759457db5..a6eb12c28 100644 --- a/hosts/common/programs/objdump.nix +++ b/hosts/common/programs/objdump.nix @@ -3,7 +3,7 @@ sane.programs.objdump = { # binutils-unwrapped is like 80 MiB, just for this one binary; # dynamic linking means copying the binary doesn't reduce the closure much at all compared to just symlinking it. - packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.binutils-unwrapped "bin/objdump"; + packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.binutils-unwrapped "objdump"; sandbox.method = "bwrap"; sandbox.autodetectCliPaths = "existingFile"; }; diff --git a/hosts/common/programs/pactl.nix b/hosts/common/programs/pactl.nix index 0bd8f176d..6720a189e 100644 --- a/hosts/common/programs/pactl.nix +++ b/hosts/common/programs/pactl.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { sane.programs.pactl = { - packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.pulseaudio "bin/pactl"; + packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.pulseaudio "pactl"; sandbox.method = "bwrap"; sandbox.whitelistAudio = true; }; diff --git a/hosts/common/programs/pidof.nix b/hosts/common/programs/pidof.nix index cddf79f51..1d8877924 100644 --- a/hosts/common/programs/pidof.nix +++ b/hosts/common/programs/pidof.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { sane.programs.pidof = { - packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.procps "bin/pidof"; + packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.procps "pidof"; sandbox.method = "bwrap"; sandbox.isolatePids = false; }; diff --git a/hosts/common/programs/pkill.nix b/hosts/common/programs/pkill.nix index edc70a045..22d56b71e 100644 --- a/hosts/common/programs/pkill.nix +++ b/hosts/common/programs/pkill.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { sane.programs.pkill = { - packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.procps "bin/pkill"; + packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.procps "pkill"; sandbox.method = "bwrap"; sandbox.isolatePids = false; }; diff --git a/hosts/common/programs/ps.nix b/hosts/common/programs/ps.nix index 12b4faaed..0509153e9 100644 --- a/hosts/common/programs/ps.nix +++ b/hosts/common/programs/ps.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { sane.programs.ps = { - packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.procps "bin/ps"; + packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.procps "ps"; sandbox.method = "bwrap"; sandbox.isolatePids = false; }; diff --git a/hosts/common/programs/strings.nix b/hosts/common/programs/strings.nix index 26b97ca3c..cc8839b01 100644 --- a/hosts/common/programs/strings.nix +++ b/hosts/common/programs/strings.nix @@ -3,7 +3,7 @@ sane.programs.strings = { # binutils-unwrapped is like 80 MiB, just for this one binary; # dynamic linking means copying the binary doesn't reduce the closure much at all compared to just symlinking it. - packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.binutils-unwrapped "bin/strings"; + packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.binutils-unwrapped "strings"; sandbox.method = "landlock"; sandbox.wrapperType = "inplace"; # trivial package; cheaper to wrap in place diff --git a/hosts/common/programs/where-am-i.nix b/hosts/common/programs/where-am-i.nix index c8569836e..7e8ad8e7e 100644 --- a/hosts/common/programs/where-am-i.nix +++ b/hosts/common/programs/where-am-i.nix @@ -4,7 +4,7 @@ # packageUnwrapped = pkgs.linkIntoOwnPackage config.sane.programs.geoclue2.packageUnwrapped "libexec/geoclue-2.0/demos/where-am-i"; packageUnwrapped = pkgs.linkFarm "where-am-i" [{ # bring the `where-am-i` tool into a `bin/` directory so it can be invokable via PATH - name = "bin/where-am-i"; + name = "where-am-i"; path = "${config.sane.programs.geoclue2.packageUnwrapped}/libexec/geoclue-2.0/demos/where-am-i"; }]; diff --git a/hosts/common/programs/zfs-tools.nix b/hosts/common/programs/zfs-tools.nix index db99d6e4a..1b5bc32bb 100644 --- a/hosts/common/programs/zfs-tools.nix +++ b/hosts/common/programs/zfs-tools.nix @@ -1,17 +1,17 @@ { pkgs, ... }: { sane.programs.zfs-tools = { - packageUnwrapped = pkgs.linkIntoOwnPackage pkgs.zfs [ - "bin/arc_summary" - "bin/arcstat" - # "bin/dbufstat" - "bin/zdb" - "bin/zfs" - "bin/zfs_ids_to_path" - "bin/zilstat" - "bin/zpool" - "bin/zstream" - "bin/zstreamdump" + packageUnwrapped = pkgs.linkBinIntoOwnPackage pkgs.zfs [ + "arc_summary" + "arcstat" + # "dbufstat" + "zdb" + "zfs" + "zfs_ids_to_path" + "zilstat" + "zpool" + "zstream" + "zstreamdump" ]; sandbox.method = "landlock"; #< bwrap doesn't work diff --git a/modules/services/clightning.nix b/modules/services/clightning.nix index 5ed296d2d..61ec3d39a 100644 --- a/modules/services/clightning.nix +++ b/modules/services/clightning.nix @@ -235,7 +235,7 @@ in }; sane.programs.lightning-cli = { - packageUnwrapped = pkgs.linkIntoOwnPackage cfg.package "bin/lightning-cli"; + packageUnwrapped = pkgs.linkBinIntoOwnPackage cfg.package "lightning-cli"; }; }; diff --git a/pkgs/additional/trivial-builders/default.nix b/pkgs/additional/trivial-builders/default.nix index 4021e2688..210cdd991 100644 --- a/pkgs/additional/trivial-builders/default.nix +++ b/pkgs/additional/trivial-builders/default.nix @@ -1,5 +1,6 @@ { lib , deepLinkIntoOwnPackage +, linkIntoOwnPackage , rmDbusServicesInPlace , runCommandLocalOverridable , stdenv @@ -65,6 +66,19 @@ done ''; + # `linkBinIntoOwnPackage myPkg "binary-name"` + # `linkBinIntoOwnPackage myPkg [ "cli-tool1" "cli-tool2" ]` + # `linkBinIntoOwnPackage myPkg [ ]` -> link *all* of bin/ + # + # in addition, all manpages/docs are linked into the output + linkBinIntoOwnPackage = pkg: path: let + path' = if path == [] then "" else path; #< if handed an empty list, then link all of `bin` + paths = if lib.isList path' then path else [ path' ]; #< coerce to list + paths' = (lib.map (p: "bin/${p}") paths) ++ [ "share/doc" "share/man" ]; + in + linkIntoOwnPackage pkg paths' + ; + deepLinkIntoOwnPackage = pkg: symlinkJoin { name = pkg.pname or pkg.name; paths = [ pkg ]; diff --git a/pkgs/default.nix b/pkgs/default.nix index 726ea31bb..dfa8ce7b2 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -118,6 +118,7 @@ let inherit (trivial-builders) copyIntoOwnPackage deepLinkIntoOwnPackage + linkBinIntoOwnPackage linkIntoOwnPackage rmDbusServices rmDbusServicesInPlace